Another way to deploy Forefront Endpoint Protection (FEP) to a collection in ConfigMgr and deploy policies

So you want to deploy FEP to a collection?  Good.  Let’s get started.

Select the collection you want to deploy FEP to, right click on it, choose Distribute, then Software.

screenshot.2

Next.

screenshot.3

You’ll want to select the existing package Microsoft Corporation FEP – Deployment 1.0 .  This package was created when FEP was installed.  FEP installs the package but it’s up to you for it to be on the distribution points.

screenshot.4

I’m going to choose my only DP since this is a small test lab.

screenshot.5

I want to choose Install Microsoft Forefront Endpoint Protection 2010 after removing other installed blah blah blah. 
Products FEP can uninstall are listed here http://technet.microsoft.com/en-us/library/ff823900.aspx
More information about FEP and uninstalling other antivirus products can be found herehttp://technet.microsoft.com/en-us/library/ff823842.aspx

Please keep in mind that you should test this in a controlled environment before deploying.  To date I have seen FEP not uninstall Symantec Live Update (because it’s not av) but then complain that it’s a competing product.  Test in your own environment please.

screenshot.6

Next.

screenshot.7

In this example it doesn’t matter since the collection does not contain other subcollections.

screenshot.8

We don’t want this advertisement to expire since we want this on everything in our collection.

screenshot.9

Yes we want to assign the program so it’s mandatory.  This way new clients in the collection will get FEP installed automatically

screenshot.10

Next.

screenshot.11

And we’re done.

screenshot.12

At this point FEP should uninstall old AV(including MOM for FCS) and install FEP the next time the client(s) checks in.

The next thing I want to do is distribute policies (settings) to clients in the collection.

Right click the collection, Distribute, Software.

screenshot.15

Next.

screenshot.17

We’re going to chose Microsoft Corporation FEP – Policies 1.0.  This was created when FEP was installed.

screenshot.20

We’re going to choose what DPs this should be at.

screenshot.21

I’m going to chose the Default Desktop Policy as an example.

screenshot.22

Next.

screenshot.23

Doesn’t matter since there are no subcollections.

screenshot.24

NO this should never expire.

screenshot.25

Yes make it mandatory.

screenshot.26

Next.

screenshot.27

Done.

screenshot.28

Now what I recommend is going into the advertisement and setting a reoccurring time for the policies to update.  This way if you make a change to a policy in an x amount of time your change will be on the workstations on a regular basis.  If not you would have to re-run the advertisement.  Also notice the Program rerun behavior is set to Always rerun program.  You want this because if not any new changes to your settings/policies would not be ran and applied.

I’m sure there will be a debate of either rerun your advertisement after you make a change or let it happen on a schedule.  Either way will give you the same end result.  It’s up to you to decide what is preferred.

image

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s